authorizer/server/middlewares/cors.go

package middlewares

import (
	"github.com/authorizerdev/authorizer/server/constants"
	"github.com/authorizerdev/authorizer/server/utils"
	"github.com/gin-gonic/gin"
)

func CORSMiddleware() gin.HandlerFunc {
	return func(c *gin.Context) {
		origin := c.Request.Header.Get("Origin")
		constants.APP_URL = origin

		if utils.IsValidOrigin(origin) {
			c.Writer.Header().Set("Access-Control-Allow-Origin", origin)
		}

		c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
		c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With")
		c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT")

		if c.Request.Method == "OPTIONS" {
			c.AbortWithStatus(204)
			return
		}

		c.Next()
	}
}
fix: add valid origin check for cors (#83) Resolves #72 2021-12-21 13:16:54 +00:00			`package middlewares`

			`import (`
			`"github.com/authorizerdev/authorizer/server/constants"`
			`"github.com/authorizerdev/authorizer/server/utils"`
			`"github.com/gin-gonic/gin"`
			`)`

			`func CORSMiddleware() gin.HandlerFunc {`
			`return func(c *gin.Context) {`
			`origin := c.Request.Header.Get("Origin")`
			`constants.APP_URL = origin`

			`if utils.IsValidOrigin(origin) {`
			`c.Writer.Header().Set("Access-Control-Allow-Origin", origin)`
			`}`

			`c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")`
			`c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With")`
			`c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT")`

			`if c.Request.Method == "OPTIONS" {`
			`c.AbortWithStatus(204)`
			`return`
			`}`

			`c.Next()`
			`}`
			`}`